A new lock screen vulnerability has been found for Android users who have the Viber app installed. Viber allows users from every major mobile platform to make free calls, texts, and share photos for free but it's the Android version that's causing issues.
The folks over at Bkav Internet Security found a way to bypass the Android lock screen by simply sending two messages to a victim's handset. The exploit takes advantage of Viber's pop up messages, which wakes the screen of the victim's phone. A message alert will pop up where the attacker can bring up the keyboard for a brief second. The final part of the exploit requires an attacker to send a second message and hit the "Back" key on the device, which unlocks the device, allowing full access to the phone's contents.
Viber is aware of the issue and plans to issue an update over the next week. In the mean time, Viber recommends users disable Pop-up notifications if they want to protect themselves from this exploit.
While this vulnerability is unfortunate, it's unlikely that your phone will be compromised since it requires an attacker to have physical access to your phone AND have you as a Viber friend.
Check out the video below to check out the exploit in action.
Source: Ars Technica